Skip to content

Instantly share code, notes, and snippets.

Thomas Patzke thomaspatzke

  • Code published here is private and not affiliated with my employer.
  • Germany
Block or report user

Report or block thomaspatzke

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
thomaspatzke / gist:7481047
Created Nov 15, 2013
Create "host;name;port;service;product" CSV from nmap scan XML.
View gist:7481047
xmlstarlet sel -t -m '//port/state[@state="open"]' -v 'concat(ancestor::host/address/@addr,";",ancestor::host/hostnames/hostname[position()=1]/@name,";",../@portid,";",../service/@name,";",../service/@product)' -n file.xml
thomaspatzke / gist:7445851
Created Nov 13, 2013
Create HTML with links to all HTTP servers from nmap scan results.
View gist:7445851
xmlstarlet sel -T -t -m '//port/service[@name="http"]' -v 'concat(ancestor::host/address/@addr, ":", ../@portid, " <a href=http://", ancestor::host/address/@addr, ":", ../@portid, ">HTTP</a> <a href=https://", ancestor::host/address/@addr, ":", ../@portid, ">HTTPS</a><br />")' -n file.xml
thomaspatzke / gist:7445776
Created Nov 13, 2013
Extract HTTP URLs, Requests and Responses from Wireshark PDML file.
View gist:7445776
xmlstarlet sel -t -m '//proto[@name="http"]' --if 'descendant::field[@name="http.request"]' -o 'URL: ' -v 'descendant::field[@name="http.request.full_uri"]/@show' -n -o 'Request: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n --elif 'descendant::field[@name="http.response"]' -o 'Code: ' -v 'descendant::field[@name="http.response.code"]/@show' -o ' ' -v 'descendant::field[@name="http.response.phrase"]/@show' -n -o 'Response: ' -v 'following-sibling::proto[@name="data-text-lines"]/field/@value' -n file.pdml | perl -ne 'if (/^((?:Request|Response): )?([0-9a-f]+)$/i) { $p = $1; $e = $2; $e =~ s/([0-9a-f]{2})/$1 /ig; print "$p"; print map { chr(hex($_)) } (split / /, $e); print "\n" if ($e !~ /0[da].?$/i) } else { print }'
thomaspatzke /
Last active Aug 29, 2015
Hex-only dump in Python in one line
print("\n".join([" ".join(["{:02x}".format(c) for c in bin[i:i+16]]) for i in range(0, len(bin), 16)]))
thomaspatzke /
Created Feb 2, 2015
This is a template for a Burp extension that can be used as session handling macro action. It pulls an identifier (here: last part of location header from redirection response) from the first macro response and puts it in the given place of the current request (here: last URL path component). Adapt as needed at the places marked with "CONFIG" co…
from burp import (IBurpExtender, ISessionHandlingAction)
import re
class BurpExtender(IBurpExtender, ISessionHandlingAction):
def registerExtenderCallbacks(self, callbacks):
self.callbacks = callbacks
self.helpers = callbacks.getHelpers()
callbacks.setExtensionName("Path Parameter Session Handling Action")
self.out = callbacks.getStdout()
thomaspatzke /
Created Jan 19, 2015
Extract POST parameter (here javax.faces.ViewState) from files with saved HTTP requests
grep javax.faces.ViewState POSTs.xml | perl -mURI::Escape -ne '/javax\.faces\.ViewState=(.*?)&/; print URI::Escape::uri_unescape($1); print "\n"' | sort -u
thomaspatzke /
Created Jan 7, 2015
Generate a list of files with unique content
find -type f -exec sha256sum {} \; | sort | perl -ne '($h, $f) = /^(\S+)\s+(.*)$/; if (defined $ph && $ph ne $h || !defined $ph) { print "$f\n" } $ph = $h; $pf = $f;'
thomaspatzke /
Last active Aug 29, 2015
Extract particular HTTP request parameter value (POST) from Burp XML save file without Base64 request/response encoding. Here I extract the NavigationTarget parameter of a SAP Portal application.
xmlstarlet sel -t -m '//items/item[contains(./request,"NavigationTarget")]' -v 'substring-before(substring-after(./request, "NavigationTarget="), "&")' -n Crawl-*.xml | perl -mURI::Escape -ne 'print URI::Escape::uri_unescape($_);' | sort -u

Keybase proof

I hereby claim:

  • I am thomaspatzke on github.
  • I am thomaspatzke ( on keybase.
  • I have a public key whose fingerprint is ADDB 3A1A 80DE 4D0E 79B9 58AD 5F1A A4D8 C753 A286

To claim this, I am signing this object:

thomaspatzke / gist:e3dbbc7eba710874e7e3
Created Sep 12, 2014
Convert something into URL encoding
View gist:e3dbbc7eba710874e7e3
| hd | perl -ne 's/^\d+\s+//d; s/\s+\|.*?$//g; s/([\da-f]+)\s+/%$1/g; print;'
You can’t perform that action at this time.